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IN THE CLAIMS: 

1 1 . (Original) A method for creating and maintaining a plurality of virtual servers within 

2 a server, the method comprising the steps of: 

3 partitioning resources of the server to establish an instance of each virtual server; 

4 and 

5 enabling controlled access to the resources using logical boundary checks and se- 

6 curity interpretations of those resources within the server. 

1 2. (Original) The method of Claim 1 wherein the step of partitioning comprises the steps 

2 of: 

3 allocating dedicated resources of the server to each instance of the virtual server; 

4 and 

5 sharing common resources of the server among all of the virtual servers. 

1 3. (Original) The method of Claim 2 wherein the dedicated resources are units of storage 

2 and network addresses of network interfaces of the server. 

1 4. (Original) The method of Claim 3 wherein the common resources are an operating sys- 

2 tern and a file system of the server. 

1 5. (Original) The method of Claim 4 wherein the server is a filer and wherein the virtual 

2 servers are virtual filers (vfilers). 
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2 6. (Currently Amended) Th e method of Claim 5 wherein the step of e nabling comprises 

3 the step of A method for creating and maintaining a plurality of virtual servers within a 

4 server the method comprising the steps of: 

5 partitioning resources of the server to establish an instance of each virtual server 

6 by allocating units of storage and network addresses of network interfaces of the server to 

7 each instance of the virtual server, and sharing an operating system and a file system of 

8 the server among all of the virtual servers; 

9 enabling controlled access to the resources using logical boundary checks and se- 

10 curitv interpretations of those resources within the server; and 

n providing a vfiler context structure including information pertaining to a security 

12 domain of the vfiler. 

1 7. (Original) The method of Claim 6 wherein the step of allocating comprises the step of 

2 providing a vfstore list of the vfiler context structure, the vstore list comprising pointers 

3 to vfstore soft objects, each having a pointer that references a path to a unit of storage al- 

4 located to the vfiler. 

1 8. (Original) The method of Claim 7 wherein the step of allocating further comprises the 

2 step of providing a vfnet list of the vfiler context structure, the vfnet list comprising 

3 pointers to vfnet soft objects, each having a pointer that references an interface address 

4 data structure representing a network address assigned to the vfiler. 

1 9. (Original) The method of Claim 8 wherein the step of enabling further comprises the 

2 step of performing a vfiler boundary check to verify that a vfiler is allowed to access cer- 

3 tain storage resources of the filer. 

1 10. (Original) The method of Claim 9 wherein the step of performing comprises the step 

2 of validating a file system identifier and qtree identifier associated with the units of stor- 

3 age. 
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1 11. (Original) The method of Claim 10 wherein the step of performing further comprises 

2 the steps of: 

3 for each request to access a unit of storage, using the identifiers to determine 

4 whether the vfiler is authorized to access the unit of storage; 

5 if the vfiler is not authorized to access the requested unit of storage, immediately 

6 denying the request; 

7 otherwise, allowing the request; and 

8 generating file system operations to process the request. 

1 12. (Original) A system adapted to create and maintain a plurality of virtual servers 

2 within a server, the system comprising: 

3 storage media configured to store information as units of storage resources, the 

4 units of storage resources allocated among each of the virtual servers; 

5 network interfaces assigned one or more network address resources, the network 

6 address resources allocated among each of the virtual servers; 

7 an operating system having a file system resource adapted to perform a boundary 

8 check to verify that a request is allowed to access to certain units of storage resources on 

9 the storage media, each virtual server allowed shared access to the file system; and 

10 a processing element coupled to the network interfaces and storage media, and 



n configured to execute the operating and file systems to thereby invoke network and stor- 

12 age access operations in accordance with results of the boundary check of the file system. 

1 13. (Currently Amended) Th e system of Claim 12 furth e r comprising A system adapted 

2 to create and maintain a plurality of virtual servers within a server, the system compris- 

3 ing: 

4 storage media configured to store information as units of storage resources, the 

5 units of storage resources allocated among each of the virtual servers: 



4 



PATENTS 
112056-0022 
P01-1047 



6 network interfaces assigned one or more network address resources, the network 

7 address resources allocated among each of the virtual servers; 

8 an operating system having a file system resource adapted to perform a boundary 

9 check to verify that a request is allowed to access to certain units of storage resources on 

10 the storage media, each virtual server allowed shared access to the file system; 

n a context data structure provided to each virtual server, the context data structure 

12 including information pertaining to a security domain of the virtual server that enforces 

13 controlled access to the allocated and shared resources ; and 

14 a processing element coupled to the network interfaces and storage media, and 

15 configured to execute the operating and file systems to thereby invoke network and stor- 

16 age access operations in accordance with results of the boundary check of the file system. 

1 14. (Original) The system of Claim 13 wherein the units of storage resources are volumes 

2 and qtrees. 



1 15. (Original) The system of Claim 14 further comprising a plurality of table data struc- 

2 tures accessed by the processing element to implement the boundary check, the table data 

3 structures including a first table having a plurality of first entries, each associated with a 

4 virtual server and accessed by a file system identifier (fsid) functioning as a first key into 

5 the table, each first entry of the first table denoting a virtual server that completely owns 

6 a volume identified by the fsid. 



1 16. (Original) The system of Claim 1 5 wherein the table data structures further include a 

2 second table having a plurality of second entries, each associated with a virtual server and 

3 accessed by a second key consisting of an fsid and a qtree identifier (qtreeid), each sec- 

4 ond entry of the second table denoting a virtual server that completely owns a qtree iden- 

5 tified by the fsid and qtreeid. 
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1 17. (Original) The system of Claim 16 wherein the server is a filer and wherein the vir- 

2 tual servers are virtual filers. 



1 18. (Original) Apparatus adapted to create and maintain a plurality of virtual filers (vfil- 

2 ers) within a filer, the apparatus comprising: 

3 means for allocating dedicated resources of the filer to each vfiler; 

4 means for sharing common resources of the filer among all of the vfilers; and 

5 means for enabling controlled access to the dedicated and shared resources using 

6 logical boundary checks and security interpretations of those resources within the server. 

1 19. (Original) The apparatus of Claim 18 wherein the means for enabling comprises 

2 means for performing a vfiler boundary check to verify that a vfiler is allowed to access 

3 certain dedicated resources of the filer. 



1 20. (Currently Amended) The apparatus of Claim 18 wh e r e in th e means for e nabling 

2 comprises m e ans Apparatus adapted to create and maintain a plurality of virtual filers 

3 ( vfilers) within a filer, the apparatus comprising: 



4 means for allocating dedicated resources of the filer to each vfiler; 

5 means for sharing common resources of the filer among all of the vfilers; and 

6 means for enabling controlled access to the dedicated and shared resources using 

7 logical boundary checks and security interpretations of those resources within the 

8 server and for providing a vfiler context structure including information pertain- 

9 ing to a security domain of the vfiler. 

1 21. (Original) A computer readable medium containing executable program instructions 

2 for creating and maintaining a plurality of virtual filers (vfilers) within a filer, the execu- 

3 table program instructions comprising program instructions for: 

4 allocating dedicated resources of the filer to each vfiler; 
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5 sharing common resources of the filer among all of the vfilers; and 

6 enforcing enabling access to the dedicated and shared resources using logical 

7 boundary checks and security interpretations of those resources within the server. 

1 22. (Original) The computer readable medium of Claim 21 wherein the program instruc- 

2 tion for enabling comprises a program instruction for performing a vfiler boundary check 

3 to verify that a vfiler is allowed to access certain dedicated resources of the filer. 

1 23. (Currently Amended) The computer readabl e m e dium of Claim 21 wh e r e in th e pro - 

2 gram instruction for enabling comprises a program instruction for A computer readable 

3 medium containing executable program instructions for creating and maintaining a plu- 

4 rality of virtual filers (vfilers) within a filer, the executable program instructions compris- 

5 ing program instructions for: 

6 allocating dedicated resources of the filer to each vfiler; 

7 sharing common resources of the filer among all of the vfilers; and 

8 enabling access to the dedicated and shared resources using logical boundary 

9 checks and security interpretations of those resources within the server and providing a 

10 vfiler context structure including information pertaining to a security domain of the 
n vfiler. 
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Please add New Claims 24 et seq. 

24. (New) Electromagnetic signals propagating on a computer network containing ex- 
ecutable program instructions for creating and maintaining a plurality of virtual filers 
(vfilers) within a filer, the executable program instructions comprising program instruc- 
tions for: 

allocating dedicated resources of the filer to each vfiler; 
sharing common resources of the filer among all of the vfilers; and 
enabling access to the dedicated and shared resources using logical boundary 
checks and security interpretations of those resources within the server. 

25. (New) Electromagnetic signals propagating on a computer network containing ex- 
ecutable program instructions for creating and maintaining a plurality of virtual filers 
(vfilers) within a filer, the executable program instructions comprising program instruc- 
tions for: 

allocating dedicated resources of the filer to each vfiler; 

sharing common resources of the filer among all of the vfilers; and 
enabling access to the dedicated and shared resources using logical boundary checks and 
security interpretations of those resources within the server and providing a vfiler context 
structure including information pertaining to a security domain of the vfiler. 
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